Zitat von Paul Wise <p...@debian.org>:
Source: dehydrated
Version: 0.3.1-3
Severity: wishlist
X-Debbugs-Cc: debian-ad...@lists.debian.org
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team
DSA are using dehydrated and the DNS mode of it, via a cron job run
under chronic. Occasionally we get mails containing failures like the
one below. I suspect this is because the DNS update for the challenge
hasn't synced to Debian's DNS providers by the time the LE servers do
the request. It would be nice if the NXDOMAIN could trigger a retry
after a certain amount of time, maybe 5 minutes. This would avoid us
getting non-actionable mails for slight delays in DNS synchronisation.
ouch, are you suggesting to fix a race condition by adding longer timeouts?
anyhow, i've a hook-script for dehydrated in the NEW queue since about
1.5 months [1] that seems to fix this issue, by polling all DNS
servers that are authoritative for the given NS entry *until* the
relevant records show up.
gmsdr
IOhannes
[1] https://ftp-master.debian.org/new/dehydrated-hook-ddns-tsig_0.1.1-1.html
